I may not be understanding what you're saying Jon, but I believe you're saying this:
Your user wants to be able to define which roles can access function F. You don't want to hard-code roles R and S in advance to access the function F, but allow the end user to be able to define his own roles, and then say that those permissions can access the function. Is that correct?
If so there are ways of doing that with Jsecurity. For instance, you could say that permission P is required to access the function (for instance, Modify Book), and then programatically, at run time, allow the end security admin to choose which users have that permission via JsecUserPermissionRel or JsecRolePermissionRel.
On Fri, May 16, 2008 at 8:06 AM, Jon.S <
bulkmailme@...> wrote:
I just having problem with defining all securityFilter and assigning to
certain role in advance. I rather like my customer to define its own role
and user. Because it seems to me that if I need to add new security
permision into the filter I need to repackage my application to war file.
But correct me if I'm wrong on this.
It's like what had shown in ACEGI tutorial where you can create new role,
and assign this role permision(such as restrict the role's url).
Best Regards,
J
--
View this message in context: http://www.nabble.com/jsecurity-VS-acegi-tp17272804p17275557.html
Sent from the grails - user mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe from this list, please visit:
http://xircles.codehaus.org/manage_email
--
Ricardo J. Méndez
http://ricardo.strangevistas.net/
